Command Injection Vulnerability in Netwrix Password Secure Software by Netwrix
CVE-2025-26817

9.8CRITICAL

Key Information:

Vendor

Netwrix

Vendor
CVE Published:
3 April 2025

Badges

📈 Score: 199👾 Exploit Exists📰 News Worthy

What is CVE-2025-26817?

CVE-2025-26817 is a command injection vulnerability found in Netwrix Password Secure version 9.2.0.32454, a software designed to provide secure password management and storage solutions for organizations. The vulnerability allows attackers to execute arbitrary operating system commands through crafted input, which could be exploited if an application interacts with the vulnerable software without proper validation of user inputs. By leveraging this vulnerability, an attacker could gain unauthorized access to the underlying operating system, potentially leading to severe security breaches that could compromise sensitive organizational data.

Potential impact of CVE-2025-26817

  1. Unauthorized Access and Control: The command injection flaw could allow attackers to execute arbitrary commands on the server hosting the Netwrix Password Secure software, enabling them to take full control of the system.

  2. Data Breaches: Exploiting this vulnerability may grant attackers access to sensitive credentials and other confidential information stored within Netwrix Password Secure, leading to potential data leaks.

  3. Widespread System Compromise: If attackers gain control over the vulnerable system, they may further propagate inside the network, potentially compromising other applications and services, escalating the risk of a larger security incident.

News Articles

CVE Trends Dashboard

We're in the process of developing the mobile version of our website to improve your browsing experience on smaller screens. Keep an eye out for its release in the near future.Thank you for your patience!

Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution

CVE-2025-26817 in Netwrix Password Secure allows code execution by authenticated users; all versions up to 9.2.2 are affected.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-26817 : Command Injection Vulnerability in Netwrix Password Secure Software by Netwrix